<div><div dir="auto">Utkarsh, upon re-reading your question, I realized that I may have misunderstood your question. Are you asking how to position a sensor to monitor 120 endpoints? Or are you asking how to aggregate logging from 120 sensors?</div></div><div><br><div class="gmail_quote"><div dir="ltr">On Wed, Aug 1, 2018 at 6:38 PM Chris Boley &lt;<a href="mailto:ilgtech75@gmail.com">ilgtech75@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="auto">Look up OwlH; they’ve created an integration package to put on your Suricata sensor and ship the logs to OSSEC / WAZUH. </div></div><div><div dir="auto"><br></div><div dir="auto">Chris</div></div><div><br><div class="gmail_quote"><div dir="ltr">On Mon, Jul 30, 2018 at 4:11 PM Cooper F. Nelson &lt;<a href="mailto:cnelson@ucsd.edu" target="_blank">cnelson@ucsd.edu</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">If you are a Cisco shop you should check out ERSPAN:<br>
<br>
<a href="https://packetpushers.net/erspan-new-favorite-packet-capturing-trick/" rel="noreferrer" target="_blank">https://packetpushers.net/erspan-new-favorite-packet-capturing-trick/</a><br>
<br>
-Coop<br>
<br>
On 7/28/2018 12:48 AM, Utkarsh Bhargava wrote:<br>
> Hi All,<br>
><br>
> How can I monitor the entire network (120 nodes) using Suricata? Do I<br>
> need to install Suricata on each device, or is there something like<br>
> Suricata agents, as we have in OSSEC?<br>
><br>
> Please help me!<br>
><br>
><br>
> Regards<br>
><br>
><br>
> _______________________________________________<br>
> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
> Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/support/</a><br>
> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
><br>
> Conference: <a href="https://suricon.net" rel="noreferrer" target="_blank">https://suricon.net</a><br>
> Trainings: <a href="https://suricata-ids.org/training/" rel="noreferrer" target="_blank">https://suricata-ids.org/training/</a><br>
<br>
-- <br>
Cooper Nelson<br>
Network Security Analyst<br>
UCSD ITS Security Team<br>
<a href="mailto:cnelson@ucsd.edu" target="_blank">cnelson@ucsd.edu</a> x41042<br>
</blockquote></div></div></blockquote></div></div>